U.S.-based trading app company Robinhood Markets, Inc. has confirmed that a data breach leaked the personal information of about seven million customers, roughly a third of its user base.
The company said in a blog post that an unauthorized third party had socially engineered a customer support employee by phone on November 3rd and obtained access to certain customer support systems.
Major Breach of Data
The unauthorized party was able to obtain a list of email addresses for approximately five million people, and full names for a different group of approximately two million people.
This included thousands of phone numbers as well, which are of importance to hackers. They use them to send phishing messages and make calls to obtain multi-factor authentication codes and gain access to trading accounts.
The hacker was also able to get additional personal information, including the name, date of birth, and zip code of 310 customers, with a subset of approximately 10 customers having more extensive account details revealed.
According to Robinhood, the attack has been contained and no Social Security numbers, bank account numbers, or debit card numbers have been exposed. Also, there has been no financial loss to any customers as a result of the incident.
The company added that after it contained the intrusion, the hacker demanded an extortion payment. Robinhood instead promptly informed law enforcement and is currently investigating the incident with the help of Mandiant, a leading outside security firm.
“As a Safety First company, we owe it to our customers to be transparent and act with integrity. Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” said Robinhood Chief Security Officer Caleb Sima.
The company said that it is in the process of making appropriate disclosures to affected people.
If you are a customer looking for information on how to keep your account secure, you can head to the Robinhood website.